International Business Machines Corporation
Pre-signed URLs with custom policies for data access in an object storage system

Abstract:

A method for execution by an access layer of an object storage system includes In various embodiments, a processing system of an access layer of an object storage system includes at least one processor and a memory that stores operational instructions, that when executed by the at least one processor cause the processing system to receive a request message from a requesting entity via a network, where the request message includes a pre-signed URL. A set of custom policy parameters are extracted from the pre-signed URL. Policy verification data is generated by comparing each attribute of a determined set of attributes of the access request to a corresponding custom policy parameter of the set of custom policy parameters. An access indicated in the request message is executed in response to the policy verification data indicating that each attribute compares favorably to the corresponding custom policy parameter.